Title: File Upload Script PHPBB Module Arbitrary Script Upload Vulnerability
Severity: HIGH
Description:
File Upload Script is a phpBB module that allows users to upload files to a Web site.
File Upload Script is reported prone to an arbitrary script upload vulnerability. This issue results from insufficient sanitization of user-supplied data.
It is reported that the 'up.php' script does not sanitize file extensions prior to uploading a user-supplied file. This can allow an attacker to upload arbitrary PHP scripts to a computer.
If successful, the attacker can execute arbitrary script code on a vulnerable server. This can lead to unauthorized access in the context of the affected server.
All versions of File Upload Script are considered vulnerable at the moment.
Affected Products:
- File Upload Script File Upload Script 1.1.0
References:
- Meilad: File Upload Script
